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Members 

Paul Arnold Deputy Chief Executive Officer (Chair) 

Jonathan Bamford Head of Parliament and Government Affairs 

Ken Macdonald Head of ICO Regions 

Faye Spencer Interim Head of Customer and Business Services 
(Customer Contact) 

Heather Dove Head of Finance 

Andrew Laing Head of Data Protection Complaints and Reviews 

Steve Eckersley Head of Enforcement 

Richard Marbrow Corporate Governance Group Manager 

Secretariat 

Caroline Robinson Corporate Governance Officer 


1. Introductions and apologies 
Apologies were received from Emma Deen, Robert Parker, David 
Wells and Mike Collins. 


2. Matters arising from the previous meeting 
Minutes 
There were no matters arising from the previous minutes. 


Action Board 
e The action for the review of bank signatories to be brought to 
the next DCEO SG meeting in J une. 
e All other actions from the previous minutes were cleared. 


Actions 

Steve Eckersley to produce guidance giving line managers criteria 
for arranging the reward and recognition scheme and to bring it to 
the next meeting in June. 


Workforce Planning Report: 

Discussion 

Paul Arnold will be presenting the workforce planning report at SLT 
on Tuesday 30 May. The group discussed the recruitment plans and 
the different approaches that will be needed across the 


organisation. Paul Arnold confirmed that once the paper has been 
agreed at SLT, Organisational Development will be developing a 
plan for recruitment. 


Decision 
The Group were comfortable with the way resources have been 
allocated across the business. 


Accommodation Strategy: 

Discussion 

The Group discussed the paper and proposals. They recognised the 
need to try a variety of approaches to ensure that the solutions 
were effective for the different working practices across the 
organisation. 


Decision 
The group supported the approach 


3. Risk Register 
Discussion 
Paul Arnold stated that the risk register is to set parameters for the 
risk appetite. 


Heather Dove raised a concern at the risk rating for the Grants 
Scheme. 


Decision 

The view of the group was that the due diligence exercise in 
choosing organisations to receive a grant should be as robust as 
possible to reduce the residual risk of non-delivery of a project. 


Actions 
Paul Arnold asked the group to email him thoughts on risk appetite 
before the next meeting. 


Heather Dove to raise the concern regarding the risk rating for the 
Grants Scheme at the next Policy Steering Group meeting. 


4, Finance Report 
Discussion 
Heather Dove confirmed that the report will be going to the 
Auditors. 


There were no further queries on the report. 


5. Business Development and IT 
Discussion 
Paul Arnold ran through the reports and updated the group on latest 
developments. 


The reports highlighted progress with the key strategic projects as 
well as providing a draft review of progress against the overarching 
IT Strategic Plan. 


The group confirmed their support for the strategic direction and the 
associated priorities whilst recognising the challenging workload. It 
was confirmed that any strategic risks or opportunities will be 
highlighted to the steering group, but at the moment things were 
progressing within agreed tolerance. 


The group then reviewed two papers on the |CO's cyber security. 
The first described progress with the remediation of issues 
highlighted during the last IT Health check. The second was a more 
general overview of the standards of cyber security the ICO relies 
on and works towards. This latter paper was proposed for review by 
Audit committee. The group supported the recommendation that the 
ICO build on its longstanding PSN accreditation based approach by 
pursuing a model based on |SO27001 accreditation. 


The group also commented positively on the |CO's cyber defences in 
light of the recent global malware attack. 


6. Any other business 
Discussion 
Paul Arnold confirmed that the security threat has been raised to 
Critical. Recommendations around security for the staff and the 
building have been made and will be highlighted to staff via a 
message on ICON. 


Ken Macdonald updated the group on the latest developments with 
the Welsh Language Standards. 


Paul Arnold stated that he would like the DCEO Steering Group to 
be a catalyst for innovation across the ICO and wants to give the 
organisation the confidence to try new things to help us be the best 
we can be. The organisation should not be put off for fear of failure 
as something can always be gained from exploring new ideas. 


Next DCEO Steering Group Meeting 
23 June 2017 


